plan-eng-review

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration includes the Bash tool in the allowed-tools list. The instructions specify using this tool for codebase exploration to answer questions instead of querying the user.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because its core function involves ingesting and analyzing untrusted external data (project plans and codebase files).
    • Ingestion points: The agent reads project-specific content from the .planning/ directory and general source files using Read, Grep, and Glob tools.
    • Boundary markers: There are no instructions defining the use of delimiters or 'ignore embedded instructions' warnings to isolate external data from the agent's execution logic.
    • Capability inventory: The skill possesses Write capabilities to modify the filesystem (specifically the .planning/ directory) and Bash for shell command execution.
    • Sanitization: No sanitization, validation, or escaping of the ingested file content is performed prior to processing or inclusion in the review artifact.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 03:33 AM